
Windows Easy Transfer

Posted: June 6, 2011

The original Windows Easy Transfer is a Windows program that helps you move files and settings from one version of Windows to another. Unfortunately, a rogue security program using the same Windows Easy Transfer name has also appeared in recent times. This threat variant of Windows Easy Transfer fakes anti-virus program features by creating inaccurate system scans and infection warnings to convince you that purchasing a registration key can prevent serious computer problems. Rogue security programs similar to Windows Easy Transfer have been known to hijack web browsers and attack security-related programs, which makes removing Windows Easy Transfer as soon as possible the common-sense thing to do.

Do You Have the Real Windows Easy Transfer or a Threat on Your Hands?

Distinguishing between the real Microsoft-affiliated Windows Easy Transfer and a rogue security program that's hiding under Windows Easy Transfer's name is a relatively easy task. The real Windows Easy Transfer:

  • Will limit its advertised functions to moving files and settings from one Windows environment to another Windows environment. This includes media, email messages, bookmarks or favorites, text documents and account settings.
  • Will not ever detect infections on your PC or offer anti-virus or security features.
  • Will never redirect you towards a website that requests that you purchase software, or otherwise ask you to spend money. The real Windows Easy Transfer is a free program, and purchasing a license, registration key or activation key is never necessary.

Dealing with the Windows Easy Transfer Threat

By contrast, the fake Windows Easy Transfer exhibits typical threat behavior. Rogue security programs using the Windows Easy Transfer name may:

  • Create fake error messages that report infections on your PC that aren't detected by other security software, or make false announcements of severe system problems:

    System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

    System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.

  • Block access to various applications, most importantly applications that are related to security or system diagnostics, like Windows Task Manager and anti-virus scanners. These program blocks may be accompanied by more fake errors that falsely inform you that the program is infected:

    Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot

    Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

  • Launch itself without your permission. Most rogue security programs like Windows Easy Transfer will create Windows startup Registry entries that essentially make launching Windows and launching Windows Easy Transfer synonymous.
  • Continue to run in the background even after being closed. You can view a background memory process in Windows Task Manager, if Windows Easy Transfer will allow you to open it. If Windows Easy Transfer has blocked Task Manager, there are various free programs that perform equivalent functions, and many security scanners are able to scan memory processes.
  • Hijack your web browser to force you to visit websites related to Windows Easy Transfer. These websites will pretend to be legitimate security software companies in an attempt to steal your credit card information. Hijacks may also play advertisements or create fake errors to restrict your website access.

Since threats like Windows Easy Transfer are often distributed by Trojans, you shouldn't try to remove Windows Easy Transfer and related threats manually, unless no other options are available. Using Safe Mode and completely updated security software to delete Windows Easy Transfer is less likely to result in unexpected damage to your PC.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[User Profile Name]\Application Data\[RANDOM CHARACTERS].exe
    2 Uninstall Windows Easy Transfer.lnk
    3 Windows Easy Transfer.lnk

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
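
One way to check a machine for the Registry values listed above, as an added example that is not part of the original write-up: the function scans the text of a `reg export` of HKEY_CURRENT_USER. The Run-entry pattern (an .exe placed directly in Application Data) and the sample export are assumptions constructed for illustration.

```python
import re

# Values from the "Registry Modifications" list above: (subkey, name, data or None = any).
# "Use FormSuggest" is left out here as too common a setting to flag by itself.
INDICATORS = [
    (r"software\microsoft\internet explorer\download", "checkexesignatures", "no"),
    (r"software\microsoft\windows\currentversion\policies\attachments", "savezoneinformation", "1"),
    (r"software\microsoft\windows\currentversion\policies\associations", "lowriskfiletypes", None),
]
RUN_KEY = r"software\microsoft\windows\currentversion\run"
# Assumption: the Run entry starts an .exe placed directly in "Application Data".
APPDATA_EXE = re.compile(r"\\application data\\[^\\]+\.exe", re.I)

def normalize(raw):
    """Turn .reg data ("text" or dword:0000000N) into a plain string."""
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.strip('"').replace("\\\\", "\\")

def scan_reg_export(text):
    """Return (key, value name, data) for each indicator found in .reg text."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or not key.upper().startswith("HKEY_CURRENT_USER\\"):
            continue
        name, data = m.group(1), normalize(m.group(2))
        sub = key.split("\\", 1)[1].lower()
        for ind_key, ind_name, ind_data in INDICATORS:
            if (sub, name.lower()) == (ind_key, ind_name) and ind_data in (None, data.lower()):
                findings.append((key, name, data))
        if sub == RUN_KEY and APPDATA_EXE.search(data):
            findings.append((key, name, data))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qzxv.exe"="C:\\Documents and Settings\\alice\\Application Data\\qzxv.exe"
"""
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `scan_reg_export`.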
